| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2016-11-03 00:52:25.392500 | 2016-11-03 00:54:38.467880 | 133 seconds | 2.0-dev |

| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win-xp-sp3 | win-xp-sp3 | VirtualBox | 2016-11-03 00:52:25 | 2016-11-03 00:54:38 |

| File name | IPR in China FINAL.pdf |
|---|---|
| File size | 54720 bytes |
| File type | PDF document, version a.a |
| CRC32 | 690774BB |
| MD5 | c497c02464ae74bbc94120d1cbe88d49 |
| SHA1 | 794b26a4320e968e7b5a68f600c6a7b2388220ae |
| SHA256 | 816ff03f39d9d210ee3a49a61f208a4b0a8979c3d08fa9b8a17e01a98b5d123c |
| SHA512 | ec109207ac6ab5b1ab1a5626a2850586b9bd016a52e59c00b77efec9537f94cb4189bfbf6973674ffd523f1a24c597a269fec96e55b5174d4d27a9a57fc3ade3 |
| Ssdeep | 1536:ob/dOMWvEHZa7sN8lfIPDR9dqT5ybgwCZ:tGEsNH19j0l |
| PEiD | None matched |
| Yara | None matched |
| VirusTotal | Scan Date: 2016-10-27 07:25:42, Detection Rate: 36/55 |

| File name | 1e6835dd16644fed_shareddataevents |
|---|---|
| File size | 3072 bytes |
| File type | SQLite 3.x database |
| MD5 | 378a7665e3b93ab4a5d391c9570de5ef |
| SHA1 | bc7d619e372c0e60ecbbc7f5287940f931299af2 |
| SHA256 | 1e6835dd16644fed56f923dde1a163f7ec88651ba3c5fa2b8a105184b852dc44 |
| SHA512 | f8ab74b3ad75e1ce6df927559c486d3f7219e5f50c3da2d69487a057c41c8c87663f0845c863a342852ec609f9516e695c4ebef21c64107a4072ffc82f8e6656 |
| Ssdeep | 12:HLS0qgtO9OiyopOz2VVXet3aQK+GyMFO+rlhurs7qllZ2BUI4h2:r8Rx/XYKQvGJF7ursClZy/4c |
| Yara | None matched |

| File name | a479dd2807cb9817_ArmUI.ini |
|---|---|
| File size | 163994 bytes |
| File type | Little-endian UTF-16 Unicode text, with CRLF line terminators |
| MD5 | 927e703153e62a1cb9a4437659144bda |
| SHA1 | d293a6eb612b6c3bcddeec698e40dbebb5c61879 |
| SHA256 | a479dd2807cb9817ef3ef7a31f3b7582339785e921b4284e55a1387dc38ec770 |
| SHA512 | 0a1d099fccceadb38c7326a9791da18ddeff069600359b415744ae46641b8f041e4a31b00281a996f54b0991dbdf7bdbd0701f6cb71189afd42c207c4631d228 |
| Ssdeep | 3072:kT4CJ4WTbmKk61NmSTBjDT7lV8MztutF4NVxcCXXYAF5CPD:9EYJ |
| Yara | None matched |

| File name | 62a31b817d5aa56b_adobearm.log |
|---|---|
| File size | 3030 bytes |
| File type | ASCII text, with CRLF, CR line terminators |
| MD5 | fb8657f7e4040a5e6e66bdd3ee25f3e7 |
| SHA1 | 946b68187dd64d0bb6dc5080bceba206a2d6722a |
| SHA256 | 62a31b817d5aa56b4d187c0a8627b3076840bafe7ffa35fd7003e88a1b6492b3 |
| SHA512 | bcc7931997e4f0aa6bb2a579996acf1732b34172fdd4171b3dc2e7c14b9e9aae8a9ea6ab0bed64ab21ac48d8716e248687cab10759e5ba29e443d5eddce587d1 |
| Ssdeep | 48:ob17Q2eMbJ5d1rogAafH5L1XQmaI7Z5z1DkieM7t5T1mRf3JMCD1C1iqyeYRP:ob1kFmJ5d1sNsH5L1A1aZ5z1A52t5T1+ |
| Yara | None matched |

| File name | 2a2e0ba33d793244_usercache.bin |
|---|---|
| File size | 9662 bytes |
| File type | data |
| MD5 | 912bc7140ba3596f83450d830b7c9557 |
| SHA1 | 0bae66884a3e091bd6095923d4add3984f3e8db2 |
| SHA256 | 2a2e0ba33d79324445847a0128ca611fcc50c82a3556fa9a1478405f990843d2 |
| SHA512 | e9e45522441f2dfcfb2cd273be300a0b2add972c62f7496326a3fc5c45e4f318ca4d446ae2676360958429e39b91c1a7ee677a95d710d2936d5d48b1854dc3f1 |
| Ssdeep | 96:stIHhqWwdwlvw5SR73kAUVokJUJ0JMSJ81Wkhg28c1qOeN6hLWjAHo+1rOAq8oNs:sHWwdwlvwsR3UVoLpB+OeN6LWwTAAk8 |
| Yara | None matched |

| File name | cd45143589eed4aa_acecache10.lst |
|---|---|
| File size | 1565 bytes |
| File type | data |
| MD5 | 751f3f26ad1d4baaa6c1b54a851f3ff1 |
| SHA1 | b0b1a2263c3688888eafcfca5fd54a1875f0d72b |
| SHA256 | cd45143589eed4aadf9cb930280e99a59088589220addf1125bdfcf9e04db81a |
| SHA512 | c858a2539544075bc6725149758c0e992003dad3ef8bc3486f3ec659ed6dbd326318d3f0f7fca77860bcd0791e1c9d3766dacb6cea4fe690ce536a8dc984051c |
| Ssdeep | 24:ehkFwRfC0yJrZtkRlxFX5C0yJrC3l9XhqXbx8xqdXhqbFBC0yJrZWlV:e/Rq0yZOlY0y0l1heaoVhj0yalV |
| Yara | None matched |

| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 2016-11-03 00:52:26.742461 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:52:26.902461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:26.912461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:26.942461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:26.942461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:26.982461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:26.982461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.002461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.002461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.002461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.002461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.022461 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.022461 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.022461 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.022461 | NtOpenFile |
file_handle => 0x0000006c filepath => \Device\KsecDD desired_access => 0x00100001 filepath_r => \Device\KsecDD open_options => 16 status_info => 0 share_access => 7 |
SUCCESS | |||
| 2016-11-03 00:52:27.022461 | NtOpenFile |
file_handle => 0x00000070 filepath => C:\WINDOWS\system32\wininet.dll desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll open_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.022461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.022461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.022461 | LdrLoadDll |
basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.073461 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.083461 | LdrLoadDll |
basename => AcroRd32 module_address => 0x009f0000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.083461 | NtOpenFile |
file_handle => 0x000000a0 filepath => C:\WINDOWS\system32\rpcss.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\rpcss.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-03 00:52:27.083461 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.083461 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.083461 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.083461 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.083461 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.083461 | LdrLoadDll |
basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.093461 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.093461 | LdrLoadDll |
basename => BIB module_address => 0x07000000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.103461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.113461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.113461 | LdrLoadDll |
basename => aiodlite module_address => 0x10000000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.113461 | LdrLoadDll |
basename => ADVAPI32 module_address => 0x77dd0000 flags => 0 module_name => C:\WINDOWS\system32\ADVAPI32.DLL |
SUCCESS | |||
| 2016-11-03 00:52:27.113461 | LdrLoadDll |
basename => ieframe module_address => 0x00000000 flags => 0 module_name => C:\WINDOWS\system32\ieframe.dll |
FAILURE | |||
| 2016-11-03 00:52:27.113461 | LdrLoadDll |
basename => acrord32 module_address => 0x009f0000 flags => 0 module_name => c:\program files\adobe\reader 9.0\reader\acrord32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.183461 | LdrLoadDll |
basename => UxTheme module_address => 0x5ad70000 flags => 0 module_name => UxTheme.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.193461 | NtOpenFile |
file_handle => 0x000000b0 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0 desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0 create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.283461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin create_options => 100 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.303461 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-03 00:52:27.313461 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | LdrLoadDll |
basename => SETUPAPI module_address => 0x77920000 flags => 0 module_name => SETUPAPI.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | LdrLoadDll |
basename => rpcrt4 module_address => 0x77e70000 flags => 0 module_name => rpcrt4.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000f8 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtWriteFile |
buffer => H ¸¸ xW44ëï #Eg‰« ]ˆŠëɟè +H` file_handle => 0x000000f8 offset => 0 |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000f4 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtWriteFile |
buffer => H ¸¸ xW44ëï #Eg‰« ]ˆŠëɟè +H` file_handle => 0x000000f4 offset => 0 |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.313461 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtOpenFile |
file_handle => 0x00000100 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | CoUninitialize | SUCCESS | ||||
| 2016-11-03 00:52:27.323461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Common Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-03 00:52:27.323461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.323461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | CoUninitialize | SUCCESS | ||||
| 2016-11-03 00:52:27.333461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.333461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:27.333461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:27.333461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.333461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:27.333461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.333461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.343461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.343461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.343461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.353461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.353461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.353461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.353461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.353461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.353461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.353461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.353461 | LdrLoadDll |
basename => gdi32 module_address => 0x77f10000 flags => 0 module_name => gdi32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.353461 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.733461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.733461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.743461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:27.743461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:27.743461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.743461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.774461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.774461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.774461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.774461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.774461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.774461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.774461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.784461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.784461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.784461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.784461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.794461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.794461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.794461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.824461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.824461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.824461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.824461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.824461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.824461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.824461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.834461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.834461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.844461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.874461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.874461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.874461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.874461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.874461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.874461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.874461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.894461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.894461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.894461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.894461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.894461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.894461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.894461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.964461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.964461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.964461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.964461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.964461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.964461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.964461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.974461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.984461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:27.994461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Common Files\Adobe\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.004461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.014461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.014461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.024461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.024461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:28.034461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.034461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.034461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.054461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.054461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.054461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.054461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:28.064461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.064461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:28.064461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:52:28.074461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:52:28.074461 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:52:28.084461 | NtCreateFile |
create_disposition => 5 file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin create_options => 96 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-03 00:52:28.084461 | NtWriteFile |